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We claim: 

1 . An information processor to analyze the right of access to a database having a data 
file in a form of a structured document, the information processor comprising: 

5 a query automaton generation unit for generating a query automaton from a path 

expression in which a retrieval condition for the database is described; 

an access control automaton generation unit for generating an access control 
automaton from an access control policy in which an access control rule is described; and 
a logic operation unit for deciding access rights in database retrieval using the path 
10 expression by performing logic operations related to the query automaton generated by the 
query automaton generation unit and the access control automaton generated by the access 
control automaton generation unit. 

2. The information processor of claim 1, further comprising a schema automaton 
15 generation unit for generating a schema automaton from a schema showing a structure of 

the data file stored in the database wherein the logic operation unit performs decision of 
the access right in consideration for the schema automaton generated by the schema 
automaton generation unit. 

20 3. The information processor of claim 2, further comprising a path table control unit 
for controlling path table describing paths of the data file stored in the database wherein 
the schema automaton generation unit generates the schema automaton from the path table 
controlled by the path table control unit. 

25 4. The information processor of claim 1, further comprising a path expression 
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extraction unit for extracting the path expressions from a query expression specifying a 
retrieval method for the database. 

5. The information processor of claim 4, further comprising a query expression 
5 access right decision unit for deciding access rights in the database retrieval by the query 

expression based on decision results of access rights, which are obtained by the logic 
operation unit, for the individual path expressions extracted from the query expression. 

6. An information processor which analyzes access rights to a database having a data 
10 file comprising a structured document, the information processor comprising: 

a path table control unit for controlling a path table describing paths of a data file 
stored in the database; and 

an access right decision unit for selecting a predetermined path in the path table 
controlled by the path table control unit by a path expression describing a retrieval 
15 condition for the database, applying an access control policy describing access control 
rules and deciding an access right in database retrieval by the path expression with respect 
to the predetermined path. 

7. The information processor of claim 6, further comprising: 

20 a query automaton generation unit for generating a query automaton from a path 

expression in which a retrieval condition for the database is described; and 

an access control automaton generation unit for generating an access control 
automaton from the access control policy in which the access control rule is described, 

wherein the access right decision unit selects the predetermined path by use of the 
25 query automaton generated by the query automaton generation unit and decides an access 
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right to the predetermined path by use of the access control automaton generated by the 
access control automaton generation unit. 

8. The information processor of claim 6, further comprising a path expression 
extraction unit for extracting the path expressions from a query expression specifying a 
retrieval method for the database. 

9. The information processor of claim 8, further comprising a query expression 
access right decision unit for deciding access rights in the database retrieval by the query 
expression based on decision results of access rights, which are obtained by the access 
right decision unit, for the individual path expressions extracted from the query 
expression. 

10. A database retrieval system, comprising: 

a database storing an XML document; and 

an access rights analysis device which decides, based on path expressions 
describing retrieval conditions used in retrieval for the database and an access control 
policy describing access control rules, to which one of 

1 ) always permitted, 

2) always denied, and 

3) indeterminate 

an access right in the database retrieval using the path expressions corresponds. 

11. The database retrieval system of claim 10, wherein the access rights analysis 
device includes 
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a query automaton generation unit for generating a query automaton from a path 
expression in which a retrieval condition for the database is described, 

an access control automaton generation unit for generating an access control 
automaton from the access control policy in which an access control rule is described and 
5 a logic operation unit for deciding access rights in database retrieval using the path 

expression by performing logic operations related to the query automaton generated by the 
query automaton generation unit and the access control automaton generated by the access 
control automaton generation unit. 

10 12. The database retrieval system of claim 1 1 , further comprising : 

a path expression extraction unit for extracting the path expressions from a query 
expression specifying a retrieval method for the database; and 

a query expression access right decision unit for deciding access rights in the 
database retrieval by the query expression based on decision results of access rights, 
15 which are obtained by the logic operation unit, for the individual path expressions 
extracted from the query expression. 

13. The database retrieval system of claim 10, further comprising the access rights 

analysis device including: 
20 a path table control unit for controlling a path table describing paths of a data file 

stored in the database; and 

an access right decision unit for selecting a predetermined path in the path table 

controlled by the path table control unit by a path expression describing a retrieval 

condition for the database, applying the access control policy describing the access control 
25 rules and deciding an access right in database retrieval by the path expression with respect 
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to the predetermined path. 

14. The database retrieval system of claim 13, further comprising: 

a path expression extraction unit for extracting the path expressions from a query 
5 expression specifying a retrieval method for the database; and 

a query expression access right decision unit for deciding access rights in the 
database retrieval by the query expression based on decision results of access rights, 
which are obtained by the access right decision unit, for the individual path expressions 
extracted from the query expression. 

10 

15. An access rights analysis method for analyzing the right of access to a database 
storing an XML document by use of a computer, comprising the steps of: 

generating a query automaton from a path expression in which a retrieval 
condition for the database is described, generating an access control automaton from an 
15 access control policy in which an access control rule is described and storing the generated 
query automaton and access control automaton in a predetermined storage means; and 

performing logic operations related to the query automaton and the access control 
automaton, which are stored in the predetermined storage means, and deciding an access 
right in database retrieval using the path expression without checking the XML documents 
20 stored in the database. 

16. An access rights analysis method for analyzing the right of access to a database 
storing an XML document by use of a computer, comprising the steps of: 

selecting a predetermined path from a path table, which is stored in s 
25 predetermined storage means and describes paths of a data file stored in the database, by a 
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path expression describing a retrieval condition for the database; and 

applying an access control policy describing access control rules and, without 
checking the data file stored in the database, deciding an access right in database retrieval 
by the path expression with respect to the predetermined path. 

5 

17. A program for analyzing the right of access to a database handling a data file as a 
structured document, by controlling a computer, the program causing the computer to 
function as: 

a query automaton generation means for generating a query automaton from a path 
10 expression in which a retrieval condition for the database is described; 

an access control automaton generation means for generating an access control 
automaton from an access control policy in which an access control rule is described; and 
a logic operation means for deciding access rights in database retrieval using the 
path expression by performing logic operations related to the generated query automaton 
15 and access control automaton. 

1 8. The program of claim 1 7, further causing the computer to function as 

a path expression extraction means for extracting the path expressions from a 
query expression specifying a retrieval method for the database; and 
20 a query expression access right decision means for deciding access rights in the 

database retrieval by the query expression based on decision results of access rights for the 
individual path expressions extracted from the query expression. 

19. A program for analyzing the right of access to a database handling a data file, 
25 described in a form of a structured document, by controlling a computer, the program 
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allowing the computer to function as: 

a path table control means for controlling a path table describing paths of a data 
file stored in the database; and 

an access right decision means for selecting a predetermined path in the path table 
5 controlled by the path table control unit by a path expression describing a retrieval 
condition for the database, applying an access control policy describing access control 
rules and deciding the presence of an access right in database retrieval by the path 
expression with respect to the predetermined path. 

10 20. The program of claim 19, further causing the computer to function as: 

a path expression extraction means for extracting the path expressions from a 
query expression specifying a retrieval method for the database; and 

a query expression access right decision means for deciding access rights in the 
database retrieval by the query expression based on decision results of access rights for the 
1 5 individual path expressions extracted from the query expression. 
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